Community discussions

 
User avatar
mogul
just joined
Topic Author
Posts: 1
Joined: Fri Jul 05, 2013 11:51 am

dynamic ip in a dst-nat rule

Sun Mar 03, 2019 4:28 pm

Using a RB450G (sw 6.43) in front of my home networks. Im on a cable connection where I get assigned a new Ip address once in a while. I have a dyn-dns service to follow me around.

One of the machines is a docker host with a bunch of web services on, all having individual public DNS records.
I would like these services accessible both from the outside world, but also from the inside.

To make this I have the following dst-nat rule:
add action=dst-nat chain=dstnat \
  dst-address=88.77.66.55 dst-port=80,443 \
  to-addresses=192.168.40.13
where 88.77.66.55 is my current public IP.

Now when my provider moves me to a new IP, I have to manually go in and do a
/ip address print
and then update the IP in the NAT rule above.

Question is if I somehow can say to the dst-address in the NAT rule "use the address you got assigned on ether1" ?
 
anav
Forum Guru
Forum Guru
Posts: 3113
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: dynamic ip in a dst-nat rule

Tue Mar 05, 2019 1:55 pm

in-interface=eth1wan or if you have several wans, in-interface-list=wan (instead of IP addresses)
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
User avatar
Steveocee
Forum Guru
Forum Guru
Posts: 1110
Joined: Tue Jul 21, 2015 10:09 pm
Location: UK
Contact:

Re: dynamic ip in a dst-nat rule

Tue Mar 05, 2019 5:32 pm

This won't be totally applicable but it explains how to get the dynamic bit down far easier than my typing will do.
https://www.youtube.com/watch?v=_kw_bQyX-3U
Steve "Steveocee" Carter
PC Gamer, Airsofter, MikroTik Nerd
My Website - My MikroTik Tutorials
 
anav
Forum Guru
Forum Guru
Posts: 3113
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: dynamic ip in a dst-nat rule

Tue Mar 05, 2019 6:56 pm

For inside connections to your own servers (but for some strange reason want to use the public wan ip address) the typical answer is to use hairpin-nat.
There is another option i don't quite understand but it has to do with routing the traffic............ directly to the server.

/ip route rule
add action=lookup dst-address=<an IP not sure which one???> table= main?????
I'd rather manage rats than software. Follow my advice at your own risk! (Sob & mkx forced me to write that!)
 
2frogs
Long time Member
Long time Member
Posts: 540
Joined: Fri Dec 03, 2010 1:38 am

Re: dynamic ip in a dst-nat rule

Tue Mar 05, 2019 8:25 pm

I prefer this nat rule over using the ddns shown in the video.
add action=dst-nat chain=dstnat dst-address-type=local dst-address=!192.168.40.1(or router ip) dst-port=80,443  to-addresses=192.168.40.13
 
nostromog
Member Candidate
Member Candidate
Posts: 161
Joined: Wed Jul 18, 2018 3:39 pm

Re: dynamic ip in a dst-nat rule

Wed Mar 06, 2019 1:53 am

Question is if I somehow can say to the dst-address in the NAT rule "use the address you got assigned on ether1" ?
In a separate thread somewhere around I read that one way would be:

* activate /ip cloud set ddns-enabled=yes update-time=no (for time it is better to use ntp)
* create a mypublicip firewall address.list with the <serialname>.sn.mynetname.net dns name: /ip firewall address-list add address=[/ip cloud get dns-name] list=myip
* use this address list in the firewall rules, substituting dst-address=88.77.66.55 -> dst-address-list=mypublicip

You obviously could do the same with whatever dynamic dns you are using, instead... Works quite well in practice

Who is online

Users browsing this forum: No registered users and 95 guests